
27 matches found

OSV
added 2022/07/18 7:15 p.m. · 4 views

GHSA-29XR-V42J-R956 thenify before 3.3.1 made use of unsafe calls to `eval`.

Versions of thenify prior to 3.3.1 made use of unsafe calls to eval. Untrusted user input could thus lead to arbitrary code execution on the host. The patch in version 3.3.1 removes calls to eval...

9.8 CVSS · 7.7 AI score · 0.01605 EPSS
Exploits 1 · References 10

Github Security Blog
added 2022/07/18 7:15 p.m. · 39 views

thenify before 3.3.1 made use of unsafe calls to `eval`.

Versions of thenify prior to 3.3.1 made use of unsafe calls to eval. Untrusted user input could thus lead to arbitrary code execution on the host. The patch in version 3.3.1 removes calls to eval...

9.8 CVSS · 9.4 AI score · 0.01605 EPSS
Exploits 1 · References 10 · Affected Software 2

vulnersOsv
added 2022/07/18 7:15 p.m. · 6 views

@accordproject/cicero-cli (>=0.2.48 <=0.8.0-20181025052931), @accordproject/cicero-common (>=0.2.50 <=0.3.17-20180604161941) +104 more potentially affected by CVE-2020-7677 via thenify (>=2.0.0 <=3.3.0)

thenify NPM version =2.0.0, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.0.36, =0.0.37, =0.1.0, =0.1.0, =2.1.1, =0.1.0, =0.2.2 and more Source cves: CVE-2020-7677 Source advisory: OSV:GHSA-29XR-V42J-R956...

9.8 CVSS · 7.2 AI score · 0.01605 EPSS
Exploits 1

Positive Technologies
added 2022/07/18 12:0 a.m. · 1 views

PT-2022-9060 · Thenify +3

Name of the Vulnerable Software and Affected Versions: thenify versions prior to 3.3.1
Description: The issue arises from the lack of sanitization of the name argument provided to the thenify package, which is then passed to the eval function without any sanitization. This allows untrusted user...

9.8 CVSS · 9.6 AI score · 0.01605 EPSS
Exploits 1 · References 32

Veracode
added 2020/06/19 3:0 a.m. · 25 views

Arbitrary Code Injection

thenify is vulnerable to arbitrary code execution. Untrusted user input is passed to the eval function which would allow an attacker to inject and execute arbitrary code on the system...

9.8 CVSS · 5.1 AI score · 0.01605 EPSS
Exploits 1 · References 9 · Affected Software 2

Snyk
added 2020/06/15 3:44 p.m. · 2 views

Arbitrary Code Execution

Overview: thenify is a Promisify a callback-based function using any-promise. Affected versions of this package are vulnerable to Arbitrary Code Execution. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function witho...

9.8 CVSS · 6.9 AI score · 0.01605 EPSS
Exploits 1 · References 2

vulnersOsv
added 2020/06/15 3:44 p.m. · 4 views

@accordproject/cicero-cli (>=0.2.48 <=0.8.0-20181025052931), @accordproject/cicero-common (>=0.2.50 <=0.3.17-20180604161941) +102 more potentially affected by CVE-2020-7677 via thenify (>=3.0.0 <=3.3.0)

thenify NPM version =3.0.0, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.0.36, =0.0.37, =0.1.0, =0.1.0, =2.1.1, =0.1.0, =0.2.2 and more Source cves: CVE-2020-7677 Source advisory: SNYK:JS-THENIFY-571690...

9.8 CVSS · 7.2 AI score · 0.01605 EPSS
Exploits 1